The Hitlist


The Hitlist: International Travel

International travel is common in today's business world. Many times businesses assume that their standard policies can apply to any international destination. We recently had a client contact us about traveling to their international office in a country that is typically known for lacking respect for others' privacy. They asked us, considering this client would be discussing corporate trade secrets and other sensitive info, what precautions they should take. We gave them a list of recommendations and explained that many of these would not make travel simple from a technological standpoint, but would provide them the most security benefit. These [...]

By | 2015-01-28T09:21:23-05:00 October 17th, 2014|Compliance, Research, The Hitlist|0 Comments

The Hitlist: BYOD

"Bring Your Own Device" or BYOD is becoming an increasingly common topic among CIOs and other executives. We are not here to argue the merits of BYOD, but we do want to mention a few key topics to think about if you consider implementing it. 1. Policy The first thing an organization should have before implementing BYOD is a set of policies that govern it. They should cover topics such as: What is acceptable use, what types of devices can be used, what should I do if my device is lost or stolen, is MDM required, etc. 2. Corporate MDM (Mobile Device Management) If [...]

By | 2014-06-13T08:42:18-05:00 June 13th, 2014|The Hitlist|0 Comments

The Hitlist: Perimeter Network Security Part 2

Part 1 of our “Perimeter Network Security” Hitlist covered the virtual considerations one must weigh when securing their network. Now, we will cover the things one should consider when securing the physical side of their network. Physical Considerations: Even though the virtual perimeter is the most obvious and most likely to be attacked, the physical perimeter can provide just as much access to resources inside of your network. 1. Wireless There was some debate as to whether to include WiFi in the "physical security" section of this post; however, the fact remains that someone must physically be on site (or [...]

By | 2014-06-10T09:21:05-05:00 June 3rd, 2014|The Hitlist|0 Comments

The Hitlist: Perimeter Network Security Part 1

To “completely” secure an enterprise network is a very complex, and often nearly impossible, task. There are several different factors that come into play that must be considered and weighed: business requirements, stakeholders, network configuration, compliance requirements, etc. We have told a number of our clients that, in most situations, if someone really wants to get into a network, they will, and you can't stop them. However, you can prepare yourself to better recognize and respond to attacks. This list is designed to offer basic key points of entry into a network, both virtual and physical, one [...]

By | 2014-06-03T16:22:03-05:00 June 2nd, 2014|The Hitlist|0 Comments

The Hitlist: Corporate WiFi

Many organizations are faced with the decision to implement or to forgo corporate WiFi. There are a number of considerations to think about when contemplating this, and many are business and security related and not merely technical in nature. Here are some things to consider: 1. Is it necessary? The first question to ask yourself is whether or not WiFi is necessary, and you must also realize that there are different levels of what is "actually" necessary. If the CEO says that it is necessary to implement WiFi, you must consider the business reason for why it is needed. Would [...]

By | 2014-06-02T14:22:41-05:00 May 27th, 2014|The Hitlist|0 Comments

The Hitlist: Compliance

The Hitlist is a new series where we will attempt to provide a quick list of security considerations for a particular technology or initiative within an organization. Our first post will be on compliance. What we mean is if your organization is attempting to become compliant with an industry standard or regulation, these are things that will have to be considered and more than likely implemented across the board for things such as PCI-DSS, HIPAA, ISO27k, FISMA and more. Here is the hitlist for things to consider when planning to meet a compliance standard: 1. Patch Your Stuff Everyone hates [...]

By | 2015-03-31T08:57:16-05:00 May 22nd, 2014|The Hitlist|2 Comments